Getting started

 

Keep thinking in terms of how Intelligence-Driven decisions can change the whole of security and the organization. Focusing on that will make huge gains in terms of security posture, respect from the business, operational availability, better use of resources, and more effective IT security controls that protect or detect the actual threat.

Overview

Welcome to this CEWL world. This getting started guide walks through the steps to help you on your CEWL journey.

Intelligence-Driven

We think it’s important for an organization to be Intelligence-Driven. What does that mean? How do we get there?

Ask questions, create filters, review flash alerts, and understand the threat-actor cycle. Use these to understand the current threat landscape and what the actors are focusing on. We think being a proactive cyber threat organization is the key to keeping your company safe.

UI Versus API

Our React UI is built entirely on the API, so all features available in the UI are available in the REST API. The REST API Swagger/OAS specification can be found here: https://swagger.cewl.ctci.ai/. The getting started guide for the API can be found here: https://ctci.atlassian.net/wiki/spaces/CTCIDOC/pages/399376385

 






Immediate Steps

Step 1 - Check your corporate email domains.

When the organization was set up, we would have entered your corporate email domain. If you need more corporate email domains, let us know. Users can only belong to these email domains. To view them, select the “Email Domain” option from the Admin menu. More instructions can be found at https://ctci.atlassian.net/wiki/pages/resumedraft.action?draftId=329416709. Note that personal email addresses cannot be used as corporate domains.

Step 2 - Adding new Users.

Have any users you want to register? Users can register at portal.ctci.ai/register or by clicking the “Don’t have an account? Sign up” link. They will then automatically be added to the CTCI portal with the access level of a user. The first user within the organization will have the company_admin role, which means they can manage the companies and any partners for a zero-trust model. You can also add users on their behalf through the user menu option.

Step 3 - Add your first Notification Delivery method.

How do you want your alerts sent? What is the default Notification Delivery if someone doesn’t specify how they want it to be sent? Today, CTCI supports email (of course), Slack, Teams, webhook (limited), and Jira. To learn how to configure a Notification Delivery, see https://ctci.atlassian.net/wiki/spaces/CTCIDOC/pages/325484563.

Step 4 - Add your first Notification Group.

All Notifications need to be associated with a Notification Group. We recommend naming your first one Default Notification Group, so that people who don’t know where to add a Notification filter can add it there. To understand Notification Groups, go here: https://ctci.atlassian.net/wiki/spaces/CTCIDOC/pages/325353473

Step 5 - Add your Notification filter.

This is where the magic happens. Anything that matches the filter will be sent to the Notification Delivery that has been set. So if you want to send just Microsoft as a vendor to the ‘Windows Engineering Team,’ use the filter vendor="Microsoft"; if you want all CEWL additions, leave the filter empty. To learn about the amazing power of filters and how to set yourself up for success, go to https://ctci.atlassian.net/wiki/spaces/CTCIDOC/pages/325517390. Create a default catch-all filter with the filter left empty. This means don’t filter the results, give me all the CVEs added to CEWL!

Learning the product

Step 6 - Learn the product.

You can either order an UberEats and join an interactive webinar, or watch a webinar. To register, please send an email to admin@ctci.ai.

Longer-term steps (it’s a journey)

Step 7 - Level Up Information Security!

Now you have completed the basics, you have leveled up. Now you are ready to kick it to the next level. This means determining which security departments. Have GRC get this list, how they manage partners. Have Security

  • GRC

  • Security Engineering

  • Security Architecture

  • Audit

Step 8 - Formalize the processes

Now that you are set on the right course of being an Intelligence-Driven organization, it’s time to formalize the processes and automate them as much as possible.

Step 9 - Level Up The Business!

After leveling up Information Security, you can now level up the Business.

  • LOB availability

  • Fraud

Step 10 - Party!

Always celebrate the goals you have achieved, and focus on the next milestone.

The Cybersecurity mantra

Step 11 - External Vigilance (Everything good should go to 11)

Things are always moving, and the world and threat landscape never stop, so enjoy the journey and keep moving forward.
